
Re: traffic leaking out on PPP connection

On 13 Nov 2004 01:22:23 -0800, [email protected] (Peter Matulis) wrote:
>My firewall is pretty tight.  I block all incoming by default and let out 
>only certain destination ports.  I'm currently filtering on 
>external interface only.

You do have a
    block log all
at the start of your policy?

>Any comments?

Yes, tweak as appropriate

~~ # grep nbt /etc/pf.conf
anchor nbt
load anchor nbt:nbt from "/etc/pf-nbt.conf"

~~ # cat /etc/pf-nbt.conf
RPC_NBT="{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"
# Drop NBT on external interface
block quick on $Ext inet proto {tcp,udp} from any to any port $RPC_NBT

It also has the advantage of removing tonnes of meaningless nbt cruft from
the logging of default 'block log all'.

There's fighting on the left and marching on the right
Don't look up in the sky, you're gonna die of fright
Here comes the razors edge